zebra/deny.toml

# Note that all fields that take a lint level have these possible values:
# * deny - An error will be produced and the check will fail
# * warn - A warning will be produced, but the check will not fail
# * allow - No warning or error will be produced, though in some cases a note
# will be

# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "deny"
# The graph highlighting used when creating dotgraphs for crates
# with multiple versions
# * lowest-version - The path to the lowest versioned duplicate is highlighted
# * simplest-path - The path to the version with the fewest edges is highlighted
# * all - Both lowest-version and simplest-path are used
highlight = "all"

# List of crates that are allowed. Use with care!
allow = [
    #{ name = "ansi_term", version = "=0.11.0" },
]

# Certain crates/versions that will be skipped when doing duplicate detection.
skip = [
    #  wait for zcash_proofs fork be merged back into upstream
    # https://github.com/ZcashFoundation/zebra/issues/3831
    { name = "equihash", version = "=0.1.0" },
    { name = "zcash_encoding", version = "=0.1.0" },
    { name = "zcash_note_encryption", version = "=0.1.0" },
    { name = "zcash_primitives", version = "=0.6.0" },
]
# Similarly to `skip` allows you to skip certain crates during duplicate
# detection. Unlike skip, it also includes the entire tree of transitive
# dependencies starting at the specified crate, up to a certain depth, which is
# by default infinite
skip-tree = [
    # ticket #2983: criterion dependencies
    { name = "criterion", version = "=0.3.5" },

    # ticket #3000: tower-fallback dependencies
    { name = "pin-project", version = "=0.4.29" },

    # ticket #3315: ordered-map dependencies that should be dev-dependencies
    { name = "ordered-map", version = "=0.4.2" },

    # ticket #2984: owo-colors dependencies
    { name = "color-eyre", version = "=0.5.11" },

    # wait for structopt upgrade (or upgrade to clap 3)
    { name = "heck", version = "=0.3.3" },

    # wait for halo2 to upgrade
    { name = "blake2b_simd", version = "=0.5.11" },

    # wait for zcash_primitives to remove duplicated dependencies
    { name = "block-buffer", version = "=0.7.3" },
    { name = "block-buffer", version = "=0.9.0" },

    # wait for insta to remove duplicated dependencies
    { name = "sha-1", version = "=0.8.2" },

    # wait for curve25519-dalek to upgrade
    { name = "digest", version = "=0.9.0" },

    # Wait for inferno -> num-format to upgrade
    { name = "arrayvec", version = "=0.4.12" },

    # upgrade sentry, metrics-exporter-prometheus, reqwest, hyper,
    # which needs #2953: upgrade tracing to the latest major version
    #
    # also wait for tower-test and tokio-test to upgrade
    { name = "tokio-util", version = "=0.6.9" },
    { name = "tracing-subscriber", version = "=0.1.6" },

    # upgrade abscissa and arti
    { name = "darling", version = "=0.12.4" },
    { name = "darling", version = "=0.13.4" },

    { name = "proc-macro-crate", version = "=0.1.5" },
]

# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered
unknown-registry = "deny"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "deny"
# List of URLs for allowed crate registries. Defaults to the crates.io index
# if not specified. If it is specified but empty, no registries are allowed.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# List of URLs for allowed Git repositories
allow-git = [
]

[sources.allow-org]
github = [
    "ZcashFoundation",
]